[autobackport: sssd-2-9] Filter IPv6 addresses not suitable for DNS updates by sssd-bot · Pull Request #8249 · SSSD/sssd

sssd-bot · 2025-11-27T14:21:26Z

This is an automatic backport of PR#8142 Filter IPv6 addresses not suitable for DNS updates to branch sssd-2-9, created by @thalman.

Caution

@thalman The patches did not apply cleanly. It is necessary to resolve conflicts before merging this pull request. Commits that introduced conflict are marked with CONFLICT!.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8142-to-sssd-2-9
git checkout SSSD-sssd-backport-pr8142-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr8142-to-sssd-2-9 --force

Original commits
b1d425a - Filter IPv6 addresses not suitable for DNS updates
637b7bc - test: check temporary address exclusion

Backported commits

db5b681 - Filter IPv6 addresses not suitable for DNS updates
fbf9890 - CONFLICT! test: check temporary address exclusion

Conflicting Files Information (check for deleted and re-added files)

CONFLICT! test: check temporary address exclusion

On branch SSSD-sssd-backport-pr8142-to-sssd-2-9
You are currently cherry-picking commit 637b7bcb7.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   Makefile.am

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   src/tests/cmocka/test_dyndns.c```

---

**Original Pull Request Body**

Exclude IP addresses not suitable for DNS updates.

thalman · 2025-11-28T15:56:29Z

I had to cherry-pick b821c77 due to its Makefile.am changes. Otherwise the backport ist straight forward.

alexey-tikhonov · 2025-12-01T10:07:05Z

FAILED tests/test_access_control_simple.py::test_access_control_simple__permits_user_login_based_on_group (samba) is a known issue not introduced in this PR.

The presence of the disable_netlink option in the sssd.conf man page is now conditional to HAVE_LIBNL, that is, to the present of the library and to value of the --with-libnl ./configure wasi executed. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit b821c77)

IPv6 brings a concept of address states defined in several RFCs (RFC 2462, RFC 3041, RFC 4862). Adresses that are marked as temporary, deprecated or tentative should not be used in DNS updates. This PR reads those flags via netlink interface and it excludes addresses with those flags. Resolves: SSSD#8089 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit b1d425a)

IPv6 address can be marked as temporary, deprecated or tentative. We should exclude them from DNS updates. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 637b7bc)

sssd-bot · 2025-12-01T10:43:59Z

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 CodeQL (success)
🟢 rpm-build:centos-stream-9-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🔴 ci / system (centos-9) (failure)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

sssd-bot assigned justin-stephenson and alexey-tikhonov Nov 27, 2025

sssd-bot requested review from alexey-tikhonov and justin-stephenson November 27, 2025 14:21

thalman force-pushed the SSSD-sssd-backport-pr8142-to-sssd-2-9 branch 2 times, most recently from 68e8ecd to 2755ab1 Compare November 28, 2025 13:45

thalman marked this pull request as ready for review November 28, 2025 15:56

alexey-tikhonov removed the request for review from justin-stephenson December 1, 2025 10:04

alexey-tikhonov unassigned justin-stephenson Dec 1, 2025

alexey-tikhonov added the no-backport This should go to target branch only. label Dec 1, 2025

alexey-tikhonov approved these changes Dec 1, 2025

View reviewed changes

alexey-tikhonov added the Accepted label Dec 1, 2025

aplopez and others added 3 commits December 1, 2025 10:43

sssd-bot force-pushed the SSSD-sssd-backport-pr8142-to-sssd-2-9 branch from 2755ab1 to 56fd99a Compare December 1, 2025 10:44

alexey-tikhonov merged commit cdb0167 into SSSD:sssd-2-9 Dec 1, 2025
8 of 9 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[autobackport: sssd-2-9] Filter IPv6 addresses not suitable for DNS updates#8249

[autobackport: sssd-2-9] Filter IPv6 addresses not suitable for DNS updates#8249
alexey-tikhonov merged 3 commits intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8142-to-sssd-2-9

sssd-bot commented Nov 27, 2025

Uh oh!

thalman commented Nov 28, 2025

Uh oh!

alexey-tikhonov commented Dec 1, 2025

Uh oh!

sssd-bot commented Dec 1, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

sssd-bot commented Nov 27, 2025

Uh oh!

thalman commented Nov 28, 2025

Uh oh!

alexey-tikhonov commented Dec 1, 2025

Uh oh!

sssd-bot commented Dec 1, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants